
CCNP SWITCH – Dot1Q

These are my notes for the CCNP SWITCH, 300-115, Objective 1.4.b dot1Q.

Dot1Q is IEEE 802.1Q, the standard for trunking encapsulation. On Cisco switches, you configure dot1q on trunk ports, which allows tagged frames to be transported on a trunk link so that multiple VLANs can traverse one link. This extends the VLANs across the network.

When configuring trunk ports, both ends of the link must have the same native VLAN. If the native VLAN does not match, an error message will be displayed on the console.

An interface supports different trunking modes:

dynamic auto – Interface is able to convert to a trunk link if the other end of the link is set to trunk or desirable mode. This is the default switchport mode.

dynamic desirable – Interface actively tries to convert to a trunk link. The link becomes a trunk if the other end is set to trunk, desirable, or auto mode.

trunk – Permanently places the interface in trunk mode. Interface becomes a trunk even if the other end is not a trunk interface.

nonegotiate – Prevents the interface from generating DTP frames.

When an interface is in trunk mode, it is able to send and receive traffic from all VLANs. It is possible to allow only specific VLANs to traverse over the trunk.

Load Sharing

Priorities can be set on a parallel trunk port so that the port carries all traffic for a given VLAN. The trunk port with the higher priority (lower value) for a VLAN forwards traffic for that VLAN. The trunk port with the lower priority (higher value) for that same VLAN is in the blocking state for that VLAN.

Trunk Settings

Trunk ports can be configured into an EtherChannel port group, provided all trunk interfaces have the same configuration. Any change made to the port group propagates to all ports that are part of the group.

Configuring VLAN Trunks

To disable trunking altogether, force the switchport into access mode.

switchport mode access

On some switches you must specify dot1q (802.1q) as the encapsulation using the command:

switchport trunk encapsulation dot1q

Connect ports into both switches and for each interface issue the commands:

Configure the Native VLAN for Untagged Traffic

A trunk port will receive tagged and untagged traffic. Any received untagged traffic is forwarded on the native VLAN, which is VLAN 1 by default. To specify the native VLAN:

config t
interface interface-id
switchport trunk native vlan vlan-id

Load Sharing

Port Priorities

Earlier I mentioned load sharing can be configured on a trunk link. This is done using spanning-tree commands.

config t
interface interface-id
spanning-tree vlan 2 port-priority 10

Path Cost

config t
interface interface-id
spanning-tree vlan 5 cost 20

802.1Q Tunneling

802.1Q tunneling is used by service providers to provide customers with layer 2 VPN connectivity between sites. Customers can continue to use their own VLAN ID schemes, and the service provider preserves those tags as the traffic traverses the SP's network.

The SP configures their customer-facing interface as an 802.1Q tunnel port, which is assigned a customer VLAN. As the customer's frame arrives at the SP port, the port encapsulates it with another VLAN tag (the VLAN assigned to the customer). This is also called QinQ.

The customer will configure their port as a trunk towards the SP’s tunnel port.
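
As an added example (not part of the original notes), this Python sketch parses the VLAN tag stack of an Ethernet frame and rebuilds the tunnel-port behaviour described above: the customer trunk adds one tag and the SP tunnel port adds a second, outer tag. The MAC addresses, payload, customer VLAN 100 and SP VLAN 30 are constructed sample values, and using TPID 0x8100 for the outer tag is an assumption (0x88A8 is also accepted by the parser).

```python
import struct

# TPIDs that introduce a VLAN tag: 0x8100 (802.1Q) and 0x88A8 (802.1ad service tag).
# Assumption: the tunnel port's outer tag uses 0x8100 in the sample frames below.
VLAN_TPIDS = {0x8100, 0x88A8}

def parse_vlan_stack(frame: bytes):
    """Return (tags, ethertype); tags are dicts ordered outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:  # TPID + TCI + the next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4                  # each tag is 4 bytes: TPID + TCI
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype

def add_tag(frame: bytes, vid: int, tpid: int = 0x8100, pcp: int = 0) -> bytes:
    """Insert a tag right after the MAC addresses, as a tagging port does."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | vid) + frame[12:]

def classify(frame: bytes) -> str:
    """Label a frame by the depth of its tag stack."""
    tags, _ = parse_vlan_stack(frame)
    return {0: "untagged", 1: "single-tagged"}.get(len(tags), "stacked (QinQ)")

# Constructed sample: untagged IPv4 frame with dummy MACs and a zeroed payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
CUSTOMER = add_tag(UNTAGGED, vid=100)   # customer trunk tags its own VLAN 100
TUNNELED = add_tag(CUSTOMER, vid=30)    # SP tunnel port adds the customer's SP VLAN 30

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("customer", CUSTOMER), ("tunneled", TUNNELED)):
        tags, etype = parse_vlan_stack(f)
        print(name, classify(f), [t["vid"] for t in tags], hex(etype), len(f), "bytes")
```

Each tag adds 4 bytes, so the tunneled frame is 8 bytes longer than the untagged original, and the customer's VLAN ID is still present as the inner tag.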

802.1Q Tunnel Configuration

The configuration between the service provider switches carrying traffic for Company ABC and Customer XYZ: